1 |
Hi Ulrich, |
2 |
|
3 |
I'm happy with this "as is", but there may be a few improvements still. |
4 |
|
5 |
By the way: This improves the situation for mounted ro /boot by moving |
6 |
the check from preinst to pretend. |
7 |
|
8 |
For noauto /boot (I believe the default and recommended) this fixes things. |
9 |
|
10 |
This is the reason I decided to rather go with mounting /boot but as ro |
11 |
instead of not mounting at all. |
12 |
|
13 |
May I also suggest we start recommended read-only /boot instead of not |
14 |
mounted at all in order to avoid similar issues from recurring? |
15 |
|
16 |
Kind Regards, |
17 |
Jaco |
18 |
|
19 |
On 2019/12/07 11:10, Ulrich Müller wrote: |
20 |
|
21 |
> The eclass failed to remount a read-only mounted /boot, because package |
22 |
> collision sanity checks in recent Portage versions prevented it from |
23 |
> reaching pkg_preinst() at all. Furthermore, with the "mount-sandbox" |
24 |
> feature enabled, the mount won't be propagated past pkg_preinst() and |
25 |
> installed files would end up under the (shadowed) mount point. |
26 |
> |
27 |
> Therefore don't even attempt to mount /boot ourselves, but error out |
28 |
> if it isn't mounted read/write and ask the user to mount /boot. |
29 |
> |
30 |
> Also clean up and simplify. (For example, awk is a grown-up program |
31 |
> which doesn't need any help from egrep or sed. :-) |
32 |
> |
33 |
> Closes: https://bugs.gentoo.org/532264 |
34 |
> See-also: https://bugs.gentoo.org/274130#c5 |
35 |
> Signed-off-by: Ulrich Müller <ulm@g.o> |
36 |
Acked-by: Jaco Kroon <jaco@××××××.za> |
37 |
> |
38 |
> --- |
39 |
> v3: Exit awk commands on first match. |
40 |
> |
41 |
> v4: Added die statements after awk commands |
42 |
> Fixed typo in mount-boot_is_disabled function documentation |
43 |
> Reverted renaming of I_KNOW_WHAT_I_AM_DOING variable |
44 |
> |
45 |
> eclass/mount-boot.eclass | 144 +++++++++++++-------------------------- |
46 |
> 1 file changed, 48 insertions(+), 96 deletions(-) |
47 |
> |
48 |
> diff --git a/eclass/mount-boot.eclass b/eclass/mount-boot.eclass |
49 |
> index 938df6732f43..ca27aca7efbd 100644 |
50 |
> --- a/eclass/mount-boot.eclass |
51 |
> +++ b/eclass/mount-boot.eclass |
52 |
> @@ -1,156 +1,108 @@ |
53 |
> -# Copyright 1999-2015 Gentoo Foundation |
54 |
> +# Copyright 1999-2019 Gentoo Authors |
55 |
> # Distributed under the terms of the GNU General Public License v2 |
56 |
> |
57 |
> # @ECLASS: mount-boot.eclass |
58 |
> # @MAINTAINER: |
59 |
> # base-system@g.o |
60 |
> # @BLURB: functions for packages that install files into /boot |
61 |
> # @DESCRIPTION: |
62 |
> # This eclass is really only useful for bootloaders. |
63 |
> # |
64 |
> # If the live system has a separate /boot partition configured, then this |
65 |
> # function tries to ensure that it's mounted in rw mode, exiting with an |
66 |
> -# error if it can't. It does nothing if /boot isn't a separate partition. |
67 |
> +# error if it can't. It does nothing if /boot isn't a separate |
68 |
partition. |
69 |
> + |
70 |
> +case ${EAPI:-0} in |
71 |
> + 4|5|6|7) ;; |
72 |
> + *) die "${ECLASS}: EAPI ${EAPI:-0} not supported" ;; |
73 |
> +esac |
74 |
> |
75 |
> EXPORT_FUNCTIONS pkg_pretend pkg_preinst pkg_postinst pkg_prerm |
76 |
pkg_postrm |
77 |
> |
78 |
> -# @FUNCTION: mount-boot_disabled |
79 |
> +# @FUNCTION: mount-boot_is_disabled |
80 |
> # @INTERNAL |
81 |
> # @DESCRIPTION: |
82 |
> # Detect whether the current environment/build settings are such that |
83 |
we do not |
84 |
> # want to mess with any mounts. |
85 |
> mount-boot_is_disabled() { |
86 |
> - # Since this eclass only deals with /boot, skip things when ROOT |
87 |
is active. |
88 |
> - if [[ "${ROOT:-/}" != "/" ]] ; then |
89 |
> + # Since this eclass only deals with /boot, skip things when EROOT |
90 |
is active. |
91 |
> + if [[ ${EROOT:-/} != / ]] ; then |
92 |
> return 0 |
93 |
> fi |
94 |
|
95 |
I don't use spaces in path names ... but what happens here if ROOT or |
96 |
EPREFIX (and by implication EROOT) contains a space? |
97 |
|
98 |
What about just checking "${EROOT}/boot" instead? |
99 |
|
100 |
Would that even be possible ... ? |
101 |
|
102 |
> |
103 |
> |
104 |
> # If we're only building a package, then there's no need to check |
105 |
things. |
106 |
> - if [[ "${MERGE_TYPE}" == "buildonly" ]] ; then |
107 |
> + if [[ ${MERGE_TYPE} == buildonly ]] ; then |
108 |
> return 0 |
109 |
> fi |
110 |
> |
111 |
> # The user wants us to leave things be. |
112 |
> if [[ -n ${DONT_MOUNT_BOOT} ]] ; then |
113 |
> return 0 |
114 |
> fi |
115 |
> |
116 |
> # OK, we want to handle things ourselves. |
117 |
> return 1 |
118 |
> } |
119 |
> |
120 |
> # @FUNCTION: mount-boot_check_status |
121 |
> # @INTERNAL |
122 |
> # @DESCRIPTION: |
123 |
> -# Figure out what kind of work we need to do in order to have /boot |
124 |
be sane. |
125 |
> -# Return values are: |
126 |
> -# 0 - Do nothing at all! |
127 |
> -# 1 - It's mounted, but is currently ro, so need to remount rw. |
128 |
> -# 2 - It's not mounted, so need to mount it rw. |
129 |
> +# Check if /boot is sane, i.e., mounted read/write if on a separate |
130 |
> +# partition. Die if conditions are not fulfilled. |
131 |
> mount-boot_check_status() { |
132 |
> # Get out fast if possible. |
133 |
> - mount-boot_is_disabled && return 0 |
134 |
> + mount-boot_is_disabled && return |
135 |
> |
136 |
> # note that /dev/BOOT is in the Gentoo default /etc/fstab file |
137 |
> - local fstabstate=$(awk '!/^#|^[[:blank:]]+#|^\/dev\/BOOT/ {print |
138 |
$2}' /etc/fstab | egrep "^/boot$" ) |
139 |
> - local procstate=$(awk '$2 ~ /^\/boot$/ {print $2}' /proc/mounts) |
140 |
> - local proc_ro=$(awk '{ print $2 " ," $4 "," }' /proc/mounts | sed |
141 |
-n '/^\/boot .*,ro,/p') |
142 |
> - |
143 |
> - if [ -n "${fstabstate}" ] && [ -n "${procstate}" ] ; then |
144 |
> - if [ -n "${proc_ro}" ] ; then |
145 |
> - echo |
146 |
> - einfo "Your boot partition, detected as being mounted at |
147 |
/boot, is read-only." |
148 |
> - einfo "It will be remounted in read-write mode temporarily." |
149 |
> - return 1 |
150 |
> - else |
151 |
> - echo |
152 |
> - einfo "Your boot partition was detected as being mounted |
153 |
at /boot." |
154 |
> - einfo "Files will be installed there for ${PN} to |
155 |
function correctly." |
156 |
> - return 0 |
157 |
> - fi |
158 |
> - elif [ -n "${fstabstate}" ] && [ -z "${procstate}" ] ; then |
159 |
> - echo |
160 |
> - einfo "Your boot partition was not mounted at /boot, so it |
161 |
will be automounted for you." |
162 |
> - einfo "Files will be installed there for ${PN} to function |
163 |
correctly." |
164 |
> - return 2 |
165 |
> - else |
166 |
> - echo |
167 |
> + local fstabstate=$(awk '!/^[[:blank:]]*#|^\/dev\/BOOT/ && $2 == |
168 |
"/boot" \ |
169 |
> + { print 1; exit }' /etc/fstab || die "awk failed") |
170 |
> + |
171 |
> + if [[ -z ${fstabstate} ]] ; then |
172 |
> einfo "Assuming you do not have a separate /boot partition." |
173 |
> - return 0 |
174 |
> + return |
175 |
> fi |
176 |
> -} |
177 |
> |
178 |
> -mount-boot_pkg_pretend() { |
179 |
> - # Get out fast if possible. |
180 |
> - mount-boot_is_disabled && return 0 |
181 |
> + local procstate=$(awk '$2 == "/boot" \ |
182 |
> + { print gensub(/^(.*,)?(ro|rw)(,.*)?$/, "\\2", 1, $4); exit }' \ |
183 |
> + /proc/mounts || die "awk failed") |
184 |
> |
185 |
> - elog "To avoid automounting and auto(un)installing with /boot," |
186 |
> - elog "just export the DONT_MOUNT_BOOT variable." |
187 |
> - mount-boot_check_status |
188 |
> + if [[ -z ${procstate} ]] ; then |
189 |
> + eerror "Your boot partition is not mounted at /boot." |
190 |
> + eerror "Please mount it and retry." |
191 |
> + die "/boot not mounted" |
192 |
> + fi |
193 |
> + |
194 |
> + if [[ ${procstate} == ro ]] ; then |
195 |
> + eerror "Your boot partition, detected as being mounted at |
196 |
/boot," \ |
197 |
> + "is read-only." |
198 |
> + eerror "Please remount it read/write and retry." |
199 |
> + die "/boot mounted read-only" |
200 |
> + fi |
201 |
> + |
202 |
> + einfo "Your boot partition was detected as being mounted at /boot." |
203 |
> + einfo "Files will be installed there for ${PN} to function |
204 |
correctly." |
205 |
> } |
206 |
> |
207 |
> -mount-boot_mount_boot_partition() { |
208 |
> +mount-boot_pkg_pretend() { |
209 |
> mount-boot_check_status |
210 |
> - case $? in |
211 |
> - 0) # Nothing to do. |
212 |
> - ;; |
213 |
> - 1) # Remount it rw. |
214 |
> - mount -o remount,rw /boot |
215 |
> - if [ $? -ne 0 ] ; then |
216 |
> - echo |
217 |
> - eerror "Unable to remount in rw mode. Please do it manually!" |
218 |
> - die "Can't remount in rw mode. Please do it manually!" |
219 |
> - fi |
220 |
> - touch /boot/.e.remount |
221 |
> - ;; |
222 |
> - 2) # Mount it rw. |
223 |
> - mount /boot -o rw |
224 |
> - if [ $? -ne 0 ] ; then |
225 |
> - echo |
226 |
> - eerror "Cannot automatically mount your /boot partition." |
227 |
> - eerror "Your boot partition has to be mounted rw before |
228 |
the installation" |
229 |
> - eerror "can continue. ${PN} needs to install important |
230 |
files there." |
231 |
> - die "Please mount your /boot partition manually!" |
232 |
> - fi |
233 |
> - touch /boot/.e.mount |
234 |
> - ;; |
235 |
> - esac |
236 |
> } |
237 |
> |
238 |
> mount-boot_pkg_preinst() { |
239 |
> - # Handle older EAPIs. |
240 |
> - case ${EAPI:-0} in |
241 |
> - [0-3]) mount-boot_pkg_pretend ;; |
242 |
> - esac |
243 |
> - |
244 |
> - mount-boot_mount_boot_partition |
245 |
> + mount-boot_check_status |
246 |
> } |
247 |
> |
248 |
> mount-boot_pkg_prerm() { |
249 |
> - touch "${ROOT}"/boot/.keep 2>/dev/null |
250 |
> - mount-boot_mount_boot_partition |
251 |
> - touch "${ROOT}"/boot/.keep 2>/dev/null |
252 |
> -} |
253 |
> + mount-boot_check_status |
254 |
> |
255 |
> -mount-boot_umount_boot_partition() { |
256 |
> - # Get out fast if possible. |
257 |
> - mount-boot_is_disabled && return 0 |
258 |
> - |
259 |
> - if [ -e /boot/.e.remount ] ; then |
260 |
> - einfo "Automatically remounting /boot as ro as it was |
261 |
previously." |
262 |
> - rm -f /boot/.e.remount |
263 |
> - mount -o remount,ro /boot |
264 |
> - elif [ -e /boot/.e.mount ] ; then |
265 |
> - einfo "Automatically unmounting /boot as it was previously." |
266 |
> - rm -f /boot/.e.mount |
267 |
> - umount /boot |
268 |
> + if [[ -z ${EPREFIX} ]] \ |
269 |
> + && ! ( shopt -s failglob; : "${EROOT}"/boot/.keep* ) 2>/dev/null |
270 |
> + then |
271 |
> + # Create a .keep file, in case it is shadowed at the mount point |
272 |
> + touch "${EROOT}"/boot/.keep 2>/dev/null |
273 |
> fi |
274 |
> } |
275 |
> |
276 |
> -mount-boot_pkg_postinst() { |
277 |
> - mount-boot_umount_boot_partition |
278 |
> -} |
279 |
> +# No-op phases for backwards compatibility |
280 |
> +mount-boot_pkg_postinst() { :; } |
281 |
> |
282 |
> -mount-boot_pkg_postrm() { |
283 |
> - mount-boot_umount_boot_partition |
284 |
> -} |
285 |
> +mount-boot_pkg_postrm() { :; } |